Beispiel #1
0
func TestMissingSecrets(t *testing.T) {
	g, _, err := osgraphtest.BuildGraph("../../../api/graph/test/bad_secret_refs.yaml")
	if err != nil {
		t.Fatalf("unexpected error: %v", err)
	}

	kubeedges.AddAllRequestedServiceAccountEdges(g)
	kubeedges.AddAllMountableSecretEdges(g)
	kubeedges.AddAllMountedSecretEdges(g)

	markers := FindMissingSecrets(g, osgraph.DefaultNamer)
	if e, a := 1, len(markers); e != a {
		t.Fatalf("expected %v, got %v", e, a)
	}

	actualDC := osgraph.GetTopLevelContainerNode(g, markers[0].Node)
	expectedDC := g.Find(osgraph.UniqueName("DeploymentConfig|/docker-nfs-server"))
	if e, a := expectedDC.ID(), actualDC.ID(); e != a {
		t.Errorf("expected %v, got %v", e, a)
	}

	actualSecret := markers[0].RelatedNodes[0]
	expectedSecret := g.Find(osgraph.UniqueName("Secret|/missing-secret"))
	if e, a := expectedSecret.ID(), actualSecret.ID(); e != a {
		t.Errorf("expected %v, got %v", e, a)
	}
}
Beispiel #2
0
func (d *ProjectStatusDescriber) MakeGraph(namespace string) (osgraph.Graph, sets.String, error) {
	g := osgraph.New()

	loaders := []GraphLoader{
		&serviceLoader{namespace: namespace, lister: d.K},
		&serviceAccountLoader{namespace: namespace, lister: d.K},
		&secretLoader{namespace: namespace, lister: d.K},
		&rcLoader{namespace: namespace, lister: d.K},
		&podLoader{namespace: namespace, lister: d.K},
		// TODO check swagger for feature enablement and selectively add bcLoader and buildLoader
		// then remove errors.TolerateNotFoundError method.
		&bcLoader{namespace: namespace, lister: d.C},
		&buildLoader{namespace: namespace, lister: d.C},
		&isLoader{namespace: namespace, lister: d.C},
		&dcLoader{namespace: namespace, lister: d.C},
		&routeLoader{namespace: namespace, lister: d.C},
	}
	loadingFuncs := []func() error{}
	for _, loader := range loaders {
		loadingFuncs = append(loadingFuncs, loader.Load)
	}

	forbiddenResources := sets.String{}
	if errs := parallel.Run(loadingFuncs...); len(errs) > 0 {
		actualErrors := []error{}
		for _, err := range errs {
			if kapierrors.IsForbidden(err) {
				forbiddenErr := err.(*kapierrors.StatusError)
				if (forbiddenErr.Status().Details != nil) && (len(forbiddenErr.Status().Details.Kind) > 0) {
					forbiddenResources.Insert(forbiddenErr.Status().Details.Kind)
				}
				continue
			}
			actualErrors = append(actualErrors, err)
		}

		if len(actualErrors) > 0 {
			return g, forbiddenResources, utilerrors.NewAggregate(actualErrors)
		}
	}

	for _, loader := range loaders {
		loader.AddToGraph(g)
	}

	kubeedges.AddAllExposedPodTemplateSpecEdges(g)
	kubeedges.AddAllExposedPodEdges(g)
	kubeedges.AddAllManagedByRCPodEdges(g)
	kubeedges.AddAllRequestedServiceAccountEdges(g)
	kubeedges.AddAllMountableSecretEdges(g)
	kubeedges.AddAllMountedSecretEdges(g)
	buildedges.AddAllInputOutputEdges(g)
	buildedges.AddAllBuildEdges(g)
	deployedges.AddAllTriggerEdges(g)
	deployedges.AddAllDeploymentEdges(g)
	imageedges.AddAllImageStreamRefEdges(g)
	routeedges.AddAllRouteEdges(g)

	return g, forbiddenResources, nil
}
Beispiel #3
0
func TestCheckMountedSecrets(t *testing.T) {
	g, objs, err := osgraphtest.BuildGraph("../../../api/graph/test/bad_secret_refs.yaml")
	if err != nil {
		t.Fatalf("unexpected error: %v", err)
	}

	var dc *deployapi.DeploymentConfig
	for _, obj := range objs {
		if currDC, ok := obj.(*deployapi.DeploymentConfig); ok {
			if dc != nil {
				t.Errorf("got more than one dc: %v", currDC)
			}
			dc = currDC
		}
	}

	kubeedges.AddAllRequestedServiceAccountEdges(g)
	kubeedges.AddAllMountableSecretEdges(g)
	kubeedges.AddAllMountedSecretEdges(g)

	dcNode := g.Find(deploygraph.DeploymentConfigNodeName(dc))
	unmountable, missing := CheckMountedSecrets(g, dcNode.(*deploygraph.DeploymentConfigNode))

	if e, a := 2, len(unmountable); e != a {
		t.Fatalf("expected %v, got %v", e, a)
	}

	if e, a := 1, len(missing); e != a {
		t.Fatalf("expected %v, got %v", e, a)
	}
	if e, a := "missing-secret", missing[0].Name; e != a {
		t.Fatalf("expected %v, got %v", e, a)
	}
}
Beispiel #4
0
func TestUnmountableSecrets(t *testing.T) {
	g, _, err := osgraphtest.BuildGraph("../../../api/graph/test/bad_secret_refs.yaml")
	if err != nil {
		t.Fatalf("unexpected error: %v", err)
	}

	kubeedges.AddAllRequestedServiceAccountEdges(g)
	kubeedges.AddAllMountableSecretEdges(g)
	kubeedges.AddAllMountedSecretEdges(g)

	markers := FindUnmountableSecrets(g, osgraph.DefaultNamer)
	if e, a := 2, len(markers); e != a {
		t.Errorf("expected %v, got %v", e, a)
	}

	expectedSecret1 := g.Find(osgraph.UniqueName("Secret|/missing-secret"))
	expectedSecret2 := g.Find(osgraph.UniqueName("Secret|/unmountable-secret"))
	found1 := false
	found2 := false

	for i := 0; i < 2; i++ {
		actualDC := osgraph.GetTopLevelContainerNode(g, markers[i].Node)
		expectedDC := g.Find(osgraph.UniqueName("DeploymentConfig|/docker-nfs-server"))
		if e, a := expectedDC.ID(), actualDC.ID(); e != a {
			t.Errorf("expected %v, got %v", e, a)
		}

		actualSecret := markers[i].RelatedNodes[0]
		if e, a := expectedSecret1.ID(), actualSecret.ID(); e == a {
			found1 = true
		}
		if e, a := expectedSecret2.ID(), actualSecret.ID(); e == a {
			found2 = true
		}
	}

	if !found1 {
		t.Errorf("expected %v, got %v", expectedSecret1, markers)
	}

	if !found2 {
		t.Errorf("expected %v, got %v", expectedSecret2, markers)
	}
}
Beispiel #5
0
func (d *ProjectStatusDescriber) MakeGraph(namespace string) (osgraph.Graph, error) {
	g := osgraph.New()

	loaders := []GraphLoader{
		&serviceLoader{namespace: namespace, lister: d.K},
		&serviceAccountLoader{namespace: namespace, lister: d.K},
		&secretLoader{namespace: namespace, lister: d.K},
		&rcLoader{namespace: namespace, lister: d.K},
		&podLoader{namespace: namespace, lister: d.K},
		&bcLoader{namespace: namespace, lister: d.C},
		&buildLoader{namespace: namespace, lister: d.C},
		&isLoader{namespace: namespace, lister: d.C},
		&dcLoader{namespace: namespace, lister: d.C},
	}
	loadingFuncs := []func() error{}
	for _, loader := range loaders {
		loadingFuncs = append(loadingFuncs, loader.Load)
	}

	if errs := parallel.Run(loadingFuncs...); len(errs) > 0 {
		return g, utilerrors.NewAggregate(errs)
	}

	for _, loader := range loaders {
		loader.AddToGraph(g)
	}

	kubeedges.AddAllExposedPodTemplateSpecEdges(g)
	kubeedges.AddAllExposedPodEdges(g)
	kubeedges.AddAllManagedByRCPodEdges(g)
	kubeedges.AddAllRequestedServiceAccountEdges(g)
	kubeedges.AddAllMountableSecretEdges(g)
	kubeedges.AddAllMountedSecretEdges(g)
	buildedges.AddAllInputOutputEdges(g)
	buildedges.AddAllBuildEdges(g)
	deployedges.AddAllTriggerEdges(g)
	deployedges.AddAllDeploymentEdges(g)
	imageedges.AddAllImageStreamRefEdges(g)

	return g, nil
}